The reason for this is because Sys audit is typically the largest table in any instance. It is
not unusual for the audit table, in even a mid-sized instance, to be several gigabytes. At a
large installation, this table can be 50GB or more.

When we access the Sys audit table programmatically, we know what our query pattern is going to
look like, so we have added appropriate data indexes to match our queries. This means that when
you bring up, for example, the history on an incident, the database can use an index to
efficiently pull back the few dozen rows it needs for that query.

With freeform reporting, however, we cannot predict what your query pattern is going to look
like. Maybe you want to group by fieldname, or sort by
oldvalue. So it is possible your queries are not going to be indexed queries.
The net result is you will be asking the database to table scan a multiple GB file, which is bad
for these reasons:

It is slow, so your report will take an unacceptably long time

While the database is grinding the disk to scan your table, your instance will slow down or
even become unavailable because other queries cannot get the resources they need.

If you must report on a system table, you can add it to the
glide.ui.permitted_tables property. Navigate to System Properties > UI Properties and locate the property labeled List of system tables (beginning with
"sys_", comma separated), that are reportable. By default, system tables are not
reportable. Proceed with caution.